^c@sdZddlZddlZddlmZddlmZddlmZddlmZddlm Z d dd YZ d Z d Z d Z dZdZdddYZdddYZdddYZdddYZdS(s7 Classes for representing and manipulating interfaces. iNi(taccess(t refpolicy(t objectmodel(tmatching(t_tParamcBsSeZdZdZdZdZeeeZeddZdZ RS(s; Object representing a paramater for an interface. cCs1d|_tj|_tj|_t|_dS(Nt(t _Param__nameRtSRC_TYPEttypetIdSett obj_classestTruetrequired(tself((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt__init__&s  cCs/tj|s"td|n||_dS(NsName [%s] is not a param(Rt is_idparamt ValueErrorR(Rtname((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytset_name,scCs|jS(N(R(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytget_name1stfgetcCst|jdS(Ni(tintR(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt6scCs*d|jtj|jdj|jfS(Ns0t (RRt field_to_strR tjoinR (R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt__repr__8s( t__name__t __module__t__doc__RRRtpropertyRtnumR(((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyR"s   cCs+d}||kr||}||jkr/dS|tjksM|tjkr|jtjksq|jtjkrd}|r|jg}ng}x6tj|j|D]}|tj krd}PqqWtj|_q d}n(t }||_ ||_|||j <|r'|jj |jn|S(Nii( R RRtTGT_TYPEt obj_classt itertoolstchainR Rtimplicitly_typed_objectsRRtadd(RR tavtparamstrettptavobjstobj((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt__param_insert>s0  $     cCsd}t}tj|jrKt|jtj||dkrKd}qKntj|jrt|jtj||dkrd}qntj|j rt|j tj ||dkrd}qnxA|j D]6}tj|rt|t dkr d}q qqW|S(sjExtract the paramaters from an access vector. Extract the paramaters (in the form $N) from an access vector, storing them as Param objects in a dictionary. Some attempt is made at resolving conflicts with other entries in the dict, but if an unresolvable conflict is found it is reported to the caller. The goal here is to figure out how interface paramaters are actually used in the interface - e.g., that $1 is a domain used as a SRC_TYPE. In general an interface will look like this: interface(`foo', ` allow $1 foo : file read; ') This is simple to figure out - $1 is a SRC_TYPE. A few interfaces are more complex, for example: interface(`foo_trans',` domain_auto_trans($1,fingerd_exec_t,fingerd_t) allow $1 fingerd_t:fd use; allow fingerd_t $1:fd use; allow fingerd_t $1:fifo_file rw_file_perms; allow fingerd_t $1:process sigchld; ') Here the usage seems ambigious, but it is not. $1 is still domain and therefore should be returned as a SRC_TYPE. Returns: 0 - success 1 - conflict found ii( tFalseRRtsrc_typeR-RRttgt_typeR!R"t OBJ_CLASStpermstPERM(R'R(R)t found_srctperm((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytav_extract_paramsjs $! ! ! cCs/tj|jr+t|jtjd|SdS(N(RRtroleR-RtROLEtNone(R7R(((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytrole_extract_paramsscsfd}d}||jtjr3d}n||jtjrQd}n||jtjrod}ntj|j rt |j tj drd}qn|S(NcsKd}x>|D]6}tj|r t||drCd}qCq q W|S(Nii(RRR-R9(tsetR R)tx(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytextract_from_sets  ii( t src_typesRRt tgt_typesR!R R1RRt dest_typeR-t DEST_TYPER9(truleR(R=R)((R(s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyttype_rule_extract_paramss    cCsQd}xD|jD]9}tj|rt|tjd|rId}qIqqW|S(Nii(targsRRR-RRR9(tifcallR(R)targ((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytifcall_extract_paramss tAttributeVectorcBseZdZdZRS(cCsd|_tj|_dS(NR(RRtAccessVectorSet(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRs cCs|jj|dS(N(Rtadd_av(RR'((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRJs(RRRRJ(((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRHs t AttributeSetcBs#eZdZdZdZRS(cCs i|_dS(N(t attributes(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRscCs||j|j   cCs/t||jdkrn|jj|dS(Ni(R6R(RRJ(RR'((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRJ8scCsNg}|jd|jx$|jD]}|jt|q$Wdj|S(Ns[InterfaceVector %s]s (tappendRRtstrR(RtsR'((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt to_string>s cCs |jS(N(R(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt__str__EscCsd|j|jfS(Ns(RR^(R((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRHsN( RRR9RR_RJRtRuR(((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyR]s  4   t InterfaceSetcBseZd dZdZdZdZdZdZidZ d idZ dZ d Z d Z d ZRS( cCs(i|_i|_g|_||_dS(N(t interfacest tgt_type_mapt tgt_type_alltoutput(RRz((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRMs   cCs$|jr |jj|dndS(Ns (Rztwrite(RRr((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytoSs cCsxt|jjddD]}|jd|jxJt|jjddD]*}|jd|jtj|jfqXW|jdt|j j }x1|D])}|jdj ||jdqWqWdS( NtkeycSs|jS(N(R(R<((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRXss[InterfaceVector %s cSs|jS(N(R(R<((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyRZss%s:%s s] RXs ( tsortedRwtvaluesR{RR(RRR Rtto_listR(RRZtivtparamtavlR'((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytto_fileWs%%(  cCsd}d}x|D]y}|d }|ddkr[|rL|j|n||}q|r|jd}tj|}|j|qqW|r|j|n|jdS(NcSs|dd!j}t|dks5|ddkrHtd|nt}|d|_t|dkrtdSx|dD]t}|jd}t|dkrtd|nt}|d|_tj|d|_||j |jR?R t new_permsR5R*R/R0R"((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pyt map_add_avs*        c CsD|dfg}|j|j}t|_xt|dkr?|jd\}}|j|j}||krx$|jD]}|j|||qxW|jrq+qnx|j D]} | j |jkr|j t ddSy|| j } Wn.t k r$|j t d| j qnX|j| | fqWq+WdS(NiisFound circular interface classs#Missing interface definition for %s(R9RwRR R`RQtpopRRRltifnameR|RtKeyErrorRq( RRat if_by_nametstackRtcurt cur_ifcalltcur_ifvR'REtnewif((s9/usr/lib64/python2.7/site-packages/sepolgen/interfaces.pytdo_expand_ifcallss*     cCsyi}x3tj|j|jD]}|||js"   , 9   Z